Paving the way to cloud visibility and security with a CASB

Ram Vaidyanathan,
IT security evangelist,
ManageEngine

An average employee uses 36 cloud-based services daily. Gartner estimates public cloud end-user SaaS spending, which is the cost for providing applications, to exceed $675 billion in 2024. Who accesses which app, to what end, and at what cost is opaque to organisations unless they have the right security solution in place. As employees increasingly use shadow applications, the risk of data breaches continues to rise significantly. Monitoring and regulating access to applications is therefore crucial for ensuring cloud security. This is where cloud access security brokers (CASBs) come into play. CASBs help security teams manage access to cloud services without compromising data security.

Organisations often struggle to get visibility into their employees’ application usage in today’s cloud-centric world. Detecting threats and ensuring cloud-based data security is a challenge. Additionally, meeting compliance requirements in a highly cloud-service-based environment is a complex issue. CASBs solve these challenges. CASBs act as intermediaries between cloud service providers and end users, monitoring the traffic between them to provide holistic visibility into sanctioned, unsanctioned, and shadow application usage. According to Gartner®, an effective CASB solution has four core features (or pillars):

  • Visibility: Visibility is the first step towards security, and gaining it in a multi-cloud environment without a CASB is a challenge. Apart from discovering the use of cloud applications, CASBs perform deep packet inspection and analyse content in real time during file uploads. They also provide details on user identity, location, device type, application usage, and the volume of data. By monitoring identities and regulating access controls, CASBs provide an extra layer of security.
  • Data security: The convenience factor of cloud services has revolutionised data sharing, but it comes with security risks. CASBs enhance data security by inspecting sensitive data transfers to and from the cloud as well as between different cloud services. This helps to prevent unintentional and malicious data exfiltration attempts. CASBs can enforce data-centric security policies across cloud services for maximum security.
  • Compliance: Adherence to privacy regulations and compliance mandates is a major concern for organisations adopting cloud-based services. CASBs identify and control the flow of sensitive data, monitor high-risk activities, and detect the use of shadow IT applications along with the users and devices involved. This can help organisations maintain compliance with regulatory mandates such as PCI DSS, HIPAA, and GDPR.
  • Threat detection: Effective threat detection is vital for protecting critical data stored in cloud services. CASBs can detect and mitigate cloud-related security threats, such as malware, ransomware, and account compromises. CASBs can also monitor user patterns and help detect anomalous user behaviour, including anomalous user logins. For instance, if a user attempts to log in from two or more geographically different locations in the span of a few minutes, it could indicate an attack, and CASBs can detect that. They also help prevent data breaches by monitoring all file uploads and downloads, thwarting data exfiltration attempts by malicious actors and negligent users. If a CASB is integrated well within a security information and event management (SIEM) solution, a security analyst can bring in additional context from cloud activities as they create threat detection rules.
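
The login check described under threat detection (one user, distant locations, minutes apart) is commonly called impossible travel. The following is an added example, not code from ManageEngine or any CASB product; the event format, the 900 km/h speed limit and the 50 km jitter floor are assumptions, and the login events are constructed.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events: (user, ISO timestamp, latitude, longitude, place)
EVENTS = [
    ("alice", "2024-05-01T09:00:00", 51.5074, -0.1278, "London"),
    ("alice", "2024-05-01T09:04:00", 40.7128, -74.0060, "New York"),
    ("bob",   "2024-05-01T09:00:00", 48.8566, 2.3522, "Paris"),
    ("bob",   "2024-05-01T17:30:00", 52.5200, 13.4050, "Berlin"),
    ("carol", "2024-05-01T10:00:00", 12.9716, 77.5946, "Bengaluru"),
    ("carol", "2024-05-01T10:02:00", 12.9720, 77.5950, "Bengaluru"),
]

MAX_SPEED_KMH = 900.0   # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0  # assumed floor to ignore IP-geolocation jitter

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH,
                           min_distance_km=MIN_DISTANCE_KM):
    """Flag consecutive logins per user that imply an implausible speed."""
    by_user = {}
    for user, ts, lat, lon, place in events:
        by_user.setdefault(user, []).append(
            (datetime.fromisoformat(ts), lat, lon, place))
    alerts = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e[0])  # order by time, not arrival order
        for prev, cur in zip(logins, logins[1:]):
            dist = haversine_km(prev[1], prev[2], cur[1], cur[2])
            if dist < min_distance_km:
                continue  # same city or geolocation noise
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            # Simultaneous logins from distant places: infinite speed
            speed = float("inf") if hours == 0 else dist / hours
            if speed > max_speed_kmh:
                alerts.append({"user": user, "from": prev[3], "to": cur[3],
                               "distance_km": round(dist),
                               "minutes": round(hours * 60, 1)})
    return alerts

if __name__ == "__main__":
    for alert in find_impossible_travel(EVENTS):
        print(alert)
```

In practice the coordinates come from IP geolocation, so VPN and corporate egress addresses need an allowlist before alerts like this are acted on.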

Depending upon their security needs, organisations can decide to implement one or all of the three CASB deployment modes, namely: forward proxy, reverse proxy, and API scanning.

In forward proxy mode, the CASB acts as a mediator between users and cloud services. When a user tries to access a cloud service, their request first goes through the CASB server located at the company’s perimeter. The CASB checks the request before forwarding it to the application. For example, if an organisation has a policy against accessing a torrent website from a company device or network, and an employee attempts to access it, a forward proxy CASB can identify and block that request.

In reverse proxy mode, the CASB is situated between the user and an approved application, but its configurations are applied to the application rather than at the organisation’s perimeter. Whether a user attempts to access an application from within the organisation network or from an outside network, the reverse proxy CASB can monitor and control access to the application. To accomplish this, it needs to work in conjunction with an identity provider solution.

API scanning entails the CASB establishing a direct connection to cloud services via their APIs. The CASB then monitors and controls data using APIs offered by the cloud services rather than sitting in the path of data transmission.

For a CASB solution to be effective, it requires all three modes of deployment to work in tandem. It’s also crucial for CASBs not to act as stand-alone solutions but to be integrated with SIEM solutions to provide greater visibility and threat detection. ManageEngine Log360 is a unified SIEM solution with integrated CASB capabilities that can fortify organisations’ multi-cloud security. Log360 has integrated the four pillars of CASBs to help organisations solve various cloud security challenges, and in the near future, it will incorporate all modes of CASB deployment.
